WHAT IS CLAIMED IS:

1. A method for securing a communication between at least 
one initiator and one responder of said communication 
comprising: 

a) computing an authentication code using a first key and 
a second key within said responder, 

b) transmitting said second key and said authentication 
code from said responder to said initiator using a 
first communication channel, 

c) transmitting said first key from said responder to said 
initiator using a second communication channel, 

d) computing a verification code using said first key and 
said second key within said initiator, and 

e) comparing said verification code with said 
authentication code within said initiator. 

2. The method of claim 1, wherein a first key is 
generated within said responder. 

3. The method of claim 1, wherein a second key is 
generated within said responder. 

4. The method of claim 1, wherein in step b) said second 
key and said authentication code are transmitted via a 
confidential and/or authenticated communication 
channel.

5. The method of claim 1, wherein in step c) said first 
key is transmitted via an open communication channel. 

6. The method of claim 1, wherein said second key is 
composed of a first part and a second part and wherein 
said first part is used for computing said 
authentication code and said second part is used for
calculating an authentication value in a further step
f).

7. The method of claim 6, wherein said first part is an
empty string and wherein said authentication code is
calculated as an unkeyed hash code.

8. The method of claim 1, wherein said authentication
code and said verification code are computed using an
algorithm to compute a short message authentication
code.

9. The method of claim 1, wherein the comparison of
authentication code and verification code in step e)
yields a difference, said initiator requests said
responder to retransmit said first key.

10. The method of claim 1, wherein in a further step

f) an authentication value is calculated within said
initiator using said second key.

11. The method of claim 10, wherein said authentication
code is calculated using a pseudo random function.

12. The method of claim 10, wherein said authentication
value is used in a step g) for authenticating messages
transmitted from said initiator to said responder, or
vice versa.

13. The method of claim 12, wherein the steps a) - b) are
pre-authentication messages and wherein step c) and g)
are internet key exchange protocol messages.

14. A method for securing a communication between at least
one initiator and one responder of said communication 
using legacy authentication comprising: 

a) computing an authentication code using a raw public key 
and a second key within said responder, 

b) transmitting said second key and said authentication 
code from said responder to said initiator using a 
first communication channel, 

c) transmitting said raw public key from said responder to 
said initiator within an encrypted certification 
payload using a second communication channel, 

d) extracting said raw public key from said encrypted 
certification payload, 

e) computing a verification code using said raw public key 
and said second key within said initiator, and 

f) comparing said verification code with said
authentication code within said initiator. 

15. The method of claim 14, wherein a first key is 
generated within said responder. 

16. The method of claim 14, wherein a second key is 
generated within said responder. 

17. The method of claim 14, wherein in step b) said second 
key and said authentication code are transmitted via a 
confidential and/or authenticated communication 
channel.

18. The method of claim 14, wherein said second key is 
composed of a first part and a second part and wherein 
said first part is used for computing said 
authentication code and said second part is used for 
calculating an authentication value in a further step
g).

19. The method of claim 14, wherein said first part is an
empty string and wherein said authentication code is
calculated as an unkeyed hash code.

20. The method of claim 14, wherein in step c) said
encrypted certification payload comprising said raw
public key is transmitted via an open communication
channel.

21. The method of claim 14, wherein said authentication
code and said verification code are computed using an
algorithm to compute a short message authentication
code.

22. The method of claim 14, wherein the comparison of
authentication code and verification code in step f)
yields a difference, said initiator requests said
responder to retransmit said certification payload.

23. The method of claim 14, wherein in further steps for
communicating the second key is used for
authenticating the initiator to the responder.

24. The method of claim 14, wherein the steps a) - b) are
pre-authentication messages and wherein step c) is an
internet key exchange protocol with extended
authentication protocol (IKEv2 EAP) message.

25. A system for encrypting messages transmitted between
an initiator and a responder, wherein
said responder comprises

- computing means for computing an authentication
code from a first key and a second key, 

- first transmission means for transmitting said 
second key and said authentication code from said 
responder to said initiator using a first 
communication channel, and 

- second transmission means for transmitting said 
first key from said responder to said initiator 
using a second communication channel, and wherein 

said initiator comprises 

- first transmission means for receiving said second 
key and said authentication code from said 
responder via said first communication channel, 

- second transmission means for receiving said first 
key from said responder via said second 
communication channel, 

- computing means to compute a verification code from 
said first key and said second key, and 

- comparing means for comparing said verification 
code with said authentication code. 

26. The system of claim 25, wherein said responder further
comprises generating means for generating a first key
and/or a second key.

27. The system of claim 25, wherein said first transmission
means of said responder and said initiator allow
communicating via a confidential and/or authenticated
communication channel.

28. The system of claim 25, wherein said second
transmission means of said responder and said initiator
allow communicating via an open communication channel.

29. The system of claim 25, wherein said responder
comprises storage means to store said second key. 

30. The system of claim 25, wherein said initiator 
comprises storage means to store said received second 
key and said received authentication code. 

31. The system of claim 25, wherein said initiator and said 
responder comprise operating means to be operated 
according to an internet key exchange protocol.

32. A computer program with instructions operable to cause 
a processor to secure a communication between at least 
one initiator and one responder of said communication 
by: 

a) computing an authentication code using a first key and 
a second key within said responder, 

b) transmitting said second key and said authentication 
code from said responder to said initiator using a 
first communication channel, 

c) transmitting said first key from said responder to said 
initiator using a second communication channel, 

d) computing a verification code using said first key and 
said second key within said initiator, and 

e) comparing said verification code with said 
authentication code within said initiator. 

33. A computer program product with a computer program 
stored thereon with instructions operable to cause a 
processor to secure a communication between at least 
one initiator and one responder of said communication 
by: 

a) computing an authentication code using a first key and 
a second key within said responder, 
b) transmitting said second key and said authentication
code from said responder to said initiator using a 
first communication channel, 

c) transmitting said first key from said responder to said 
initiator using a second communication channel,

d) computing a verification code using said first key and 
said second key within said initiator, and 

e) comparing said verification code with said 
authentication code within said initiator. 

34. A communication device for communicating securely with
an initiator, said device comprising: 

- computing means for computing an authentication code 
from a first key and a second key, 

- first transmission means for transmitting said second
key and said authentication code from said responder to
said initiator using a first communication channel,

- second transmission means for transmitting said first
key from said responder to said initiator using a
second communication channel, and

- deciphering means, deciphering a ciphered message from
said initiator, where said ciphered message is ciphered
with a shared secret key at least partially derived
from said first key.

35. The communication device of claim 34, comprising
authorising means, authorising an authorisation message
from said initiator, where said authorisation message
is authorised with a shared secret key at least
partially derived from said first key.

36. A communication device for communicating securely with
a responder, said device comprising:

- first transmission means for receiving a second key and
an authentication code from a responder via said first
communication channel,

- second transmission means for receiving a first key
from said responder via a second communication channel,

- computing means to compute a verification code from
said first key and said second key,

- comparing means for comparing said verification code
with said authentication code, and

- ciphering means, ciphering a message to be sent to said
responder, where said ciphered message is ciphered with
a shared secret key at least partially derived from
said first key.

37. The communication device of claim 36, comprising
authorising means, authorising an authorisation message
with a shared secret key at least partially derived
from said first key.

38. A module for providing secure communication with a
communication device, said module comprising:

- computing means for computing an authentication code
from said first key and said second key,

- first transmission means for transmitting said second
key and said authentication code from said responder to
said initiator using a first communication channel,

- second transmission means for transmitting said first
key from said responder to said initiator using a
second communication channel, and

- deciphering means, deciphering a ciphered message from
said initiator, where said ciphered message is ciphered
with a shared secret key at least partially derived
from said first key.
39. A module for providing secure communication with a
communication device, said module comprising:

- first transmission means for receiving a second key and
an authentication code from a responder via said first
communication channel,

- second transmission means for receiving a first key
from said responder via a second communication channel,

- computing means to compute a verification code from
said first key and said second key,

- comparing means for comparing said verification code 
with said authentication code, and 

- ciphering means, ciphering a message to be sent to said 
responder, where said ciphered message is ciphered with 
a shared secret key at least partially derived from 
said first key. 
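
The exchange of claims 1, 6, 7, 9 and 10, sketched as an added example that is not part of the patent text. The claims name no algorithm, so truncated HMAC-SHA256 as the short authentication code, HMAC as the pseudo random function, the 16-byte split of the second key, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 8  # assumed length of the short authentication code, in bytes
SPLIT = 16   # assumed size of the second key's first part (claim 6)

def auth_code(mac_part: bytes, first_key: bytes) -> bytes:
    """Code over the first key; an unkeyed hash if the first part is empty (claim 7)."""
    if not mac_part:
        return hashlib.sha256(first_key).digest()[:MAC_LEN]
    return hmac.new(mac_part, first_key, hashlib.sha256).digest()[:MAC_LEN]

def responder_pre_auth(first_key: bytes, second_key: bytes) -> dict:
    """Steps a) and b): the message the responder sends over the first channel."""
    return {"second_key": second_key,
            "auth_code": auth_code(second_key[:SPLIT], first_key)}

def initiator_check(pre_auth: dict, received_first_key: bytes):
    """Steps d) to f): return the authentication value, or None on a mismatch."""
    second_key = pre_auth["second_key"]
    verification = auth_code(second_key[:SPLIT], received_first_key)
    # Constant-time comparison of verification code and authentication code.
    if not hmac.compare_digest(verification, pre_auth["auth_code"]):
        return None  # claim 9: the initiator requests the first key again
    # Step f): value derived from the second part (HMAC as the assumed PRF).
    return hmac.new(second_key[SPLIT:], b"auth-value", hashlib.sha256).digest()

def run_exchange(substitute_key: bool):
    """Constructed run; the first key is a sample byte string, not a real key."""
    first_key = b"constructed-responder-first-key"
    second_key = secrets.token_bytes(32)
    pre_auth = responder_pre_auth(first_key, second_key)  # first channel
    # Second (open) channel: optionally deliver a different key than was bound.
    on_wire = b"constructed-substituted-key" if substitute_key else first_key
    return initiator_check(pre_auth, on_wire)

if __name__ == "__main__":
    print("genuine first key accepted:", run_exchange(False) is not None)
    print("substituted first key rejected:", run_exchange(True) is None)
```

The binding holds only if the first channel is authenticated as in claim 4; a code shorter than the assumed 8 bytes makes an undetected substitution correspondingly more likely.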